[ovs-dev] [PATCH] tests: Refactor the iptables accept rule.
William Tu
u9012063 at gmail.com
Thu Jul 23 16:35:43 UTC 2020
Certain Linux distributions, like CentOS, have default iptables
rules to reject input traffic from br-underlay. Refactor by
creating a macro 'IPTABLES_ACCEPT([bridge])' for adding the
accept rule to the iptables input chain.
Signed-off-by: William Tu <u9012063 at gmail.com>
---
tests/ovs-macros.at | 7 +++++++
tests/system-traffic.at | 12 ++----------
2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/tests/ovs-macros.at b/tests/ovs-macros.at
index fee50901543e..b1f666f4e83f 100644
--- a/tests/ovs-macros.at
+++ b/tests/ovs-macros.at
@@ -333,3 +333,10 @@ m4_ifndef([AT_FAIL_IF],
[m4_define([AT_FAIL_IF],
[AT_CHECK([($1) \
&& exit 99 || exit 0], [0], [ignore], [ignore])])])
+
+dnl Certain Linux distributions, like CentOS, have default iptable rules
+dnl to reject input traffic from bridges such as br-underlay.
+dnl Add a rule to always accept the traffic.
+m4_define([IPTABLES_ACCEPT],
+ [AT_CHECK([iptables -I INPUT 1 -i $1 -j ACCEPT])
+ on_exit 'iptables -D INPUT 1 -i $1'])
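Review bot: the on_exit cleanup in IPTABLES_ACCEPT still removes the rule by position (`-D INPUT 1`), and the `-i $1` added to it carries no `-j ACCEPT`, so it is not a rule specification that mirrors the insert. If anything else lands at the top of INPUT between setup and cleanup, for example a second IPTABLES_ACCEPT call in the same test, position 1 is no longer the rule this macro added, so a host firewall rule could be removed or the ACCEPT rule left behind. Suggest deleting by specification instead: `on_exit 'iptables -D INPUT -i $1 -j ACCEPT'`.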
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 2a0fbadff4a1..02f0e2716320 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -688,11 +688,7 @@ AT_CHECK([ip link set dev br-underlay up])
dnl Set up tunnel endpoints on OVS outside the namespace.
ADD_OVS_TUNNEL([gre], [br0], [at_gre0], [172.31.1.1], [10.1.1.100/24])
-dnl Certain Linux distributions, like CentOS, have default iptable rules
-dnl to reject input traffic from br-underlay. Here we add a rule to walk
-dnl around it.
-iptables -I INPUT 1 -i br-underlay -j ACCEPT
-on_exit 'iptables -D INPUT 1'
+IPTABLES_ACCEPT([br-underlay])
ip netns exec at_ns0 tcpdump -n -i p0 dst host 172.31.1.1 -l > p0.pcap &
sleep 1
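Review bot: replacing the bare `iptables -I INPUT 1 -i br-underlay -j ACCEPT` with IPTABLES_ACCEPT changes failure behaviour at this call site, because the macro wraps the insert in AT_CHECK. The old line's exit status was not checked, so the test carried on if iptables failed; now a failing insert fails the test. If that is intended, it is worth stating in the commit message, which describes the change only as a refactor. If hosts without a usable iptables should still run these tests, skip the test there rather than fail it.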
@@ -739,11 +735,7 @@ dnl Set up tunnel endpoints on OVS outside the namespace and emulate a native
dnl linux device inside the namespace.
ADD_OVS_TUNNEL([erspan], [br0], [at_erspan0], [172.31.1.1], [10.1.1.100/24], [options:key=1 options:erspan_ver=1 options:erspan_idx=7])
-dnl Certain Linux distributions, like CentOS, have default iptable rules
-dnl to reject input traffic from br-underlay. Here we add a rule to walk
-dnl around it.
-iptables -I INPUT 1 -i br-underlay -j ACCEPT
-on_exit 'iptables -D INPUT 1'
+IPTABLES_ACCEPT([br-underlay])
ip netns exec at_ns0 tcpdump -n -x -i p0 dst host 172.31.1.1 -l > p0.pcap &
sleep 1
--
2.7.4